CWE-352

Exploit likelihood: Medium

Cross-Site Request Forgery (CSRF)

Parent: CWE-345 - Insufficient Verification of Data Authenticity

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

9,371 vulnerabilities with CWE-352
CVE-2022-1918 HIGH
ToolBar to Share < 2.0 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 8.8
CVE-2022-1900 HIGH
Copify <= 1.3.0 - Cross-Site Request Forgery via Missing Nonce Validation
CVSS 8.8
CVE-2022-1793 MEDIUM
Private Files WordPress Plugin <= 0.40 - Cross-Site Request Forgery via Protection Disable Action
CVSS 4.3
CVE-2022-1792 MEDIUM
Quick Subscribe < 1.7.1 - Cross-Site Request Forgery Leading to Stored Cross-Site Scripting
CVSS 5.4
CVE-2022-1791 HIGH
One Click Plugin Updater < 2.4.14 - Cross-Site Request Forgery in Settings Update
CVSS 8.1
CVE-2022-1790 MEDIUM
New User Email Set Up < 0.5.2 - Cross-Site Request Forgery in Settings Update
CVSS 6.5
CVE-2022-1788 MEDIUM
Change Uploaded File Permissions < 4.0.0 - Cross-Site Request Forgery
CVSS 6.5
CVE-2022-1787 MEDIUM
Sideblog < 6.0 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Settings Update
CVSS 5.4
CVE-2022-1781 MEDIUM
postTabs < 2.10.6 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Settings Update
CVSS 5.4
CVE-2022-1780 MEDIUM
LaTeX for WordPress < 3.4.10 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Settings Update
CVSS 5.4
CVE-2022-1779 HIGH
Auto Delete Posts < 1.3.0 - Cross-Site Request Forgery in Settings Update
CVSS 8.1
CVE-2022-1765 HIGH
Hot Linked Image Cacher < 1.16 - Cross-Site Request Forgery
CVSS 8.8
CVE-2022-1764 MEDIUM
WP-chgFontSize < 1.8 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2022-1763 MEDIUM
Static Page eXtended < 2.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2022-1761 MEDIUM
Peter's Collaboration E-mails < 2.2.0 - Cross-Site Request Forgery via Missing Nonce Check
CVSS 6.5
CVE-2022-1759 MEDIUM
RB Internal Links < 2.0.16 - Cross-Site Request Forgery and Stored Cross-Site Scripting
CVSS 5.4
CVE-2022-1758 HIGH
Genki Pre-Publish Reminder < 1.4.1 - Cross-Site Request Forgery and Stored Cross-Site Scripting via Settings Update
CVSS 8.8
CVE-2022-1694 MEDIUM
Useful Banner Manager < 1.6.1 - Cross-Site Request Forgery in Admin Page
CVSS 6.5
CVE-2022-1624 MEDIUM
Latest Tweets Widget < 1.1.4 - Cross-Site Request Forgery in Settings Update
CVSS 6.5
CVE-2022-1612 MEDIUM
Webriti SMTP Mail < 1.0 - Cross-Site Request Forgery in Settings Update
CVSS 6.5
CVE-2022-1608 MEDIUM
OnePress Social Locker < 5.6.2 - Cross-Site Request Forgery in Settings Update
CVSS 6.5
CVE-2022-1605 MEDIUM
Email Users WordPress Plugin < 4.8.8 - Cross-Site Request Forgery in Settings Update
CVSS 6.5
CVE-2022-1594 MEDIUM
HC Custom WP-Admin URL < 1.4 - Cross-Site Request Forgery in Settings Update
CVSS 4.3
CVE-2022-27174 MEDIUM
Easy Blog for EC-CUBE4 <= 1.0.1 - Unauthenticated Cross-Site Request Forgery
CVSS 4.3
CVE-2022-22479 HIGH
IBM Spectrum Copy Data Management <2.2.15.0 - CSRF
CVSS 8.8